VYPR
Vypr IntelligenceAI-generatedJun 27, 2026· 26 CVEs

Linux Kernel: 25 Vulnerabilities Affecting Networking, Graphics, and Memory Management Disclosed Together

A batch of 25 vulnerabilities was disclosed in the Linux kernel on June 27, 2026, impacting networking, graphics, and memory management subsystems.

Key findings

  • 25 Linux kernel vulnerabilities disclosed on June 27, 2026, affecting multiple subsystems.
  • Vulnerabilities include null pointer dereferences, use-after-free bugs, and incorrect memory handling.
  • Key affected areas include networking, graphics (DRM/AMD), IOMMU, and memory management.
  • All reported vulnerabilities have been resolved in the Linux kernel.

On June 27, 2026, a batch of 25 vulnerabilities was disclosed in the Linux kernel, impacting various subsystems including networking, graphics, and memory management. These vulnerabilities, all resolved on the same day, range in severity and could lead to issues such as null pointer dereferences, use-after-free bugs, and incorrect memory handling.

Several vulnerabilities were found within the networking subsystem. CVE-2026-53297 and CVE-2026-53315 address issues in the net: mana driver, specifically guarding against double invocation during PM resume and using pci_name() for debugfs directory naming, respectively. CVE-2026-53300 in the net: enetc driver fixes a use-after-free issue related to NTMP DMA. CVE-2026-53299 in the net: airoha driver corrects an initialization order that could lead to a NULL pointer dereference. CVE-2026-53311 addresses an uninitialized value in fuse_dentry_revalidate(), and CVE-2026-53306 contains an off-by-one fix in tty: hvc_iucv. CVE-2026-53309 in ocfs2/dlm fixes an off-by-one error in region comparison.

The graphics and display drivers were also affected. CVE-2026-53316 and CVE-2026-53319, both in drm/amd/ras, fix NULL pointer dereferences in ras_core_ras_interrupt_detected() and ras_core_get_utc_second_timestamp(), respectively. CVE-2026-53293 in drm/amdgpu corrects issues with AMDGPU_INFO_READ_MMR_REG, and CVE-2026-53285 in drm/amd/display wraps DCN32 phantom-plane allocation. CVE-2026-53305 in usb: typec: ps883x fixes an Oops during device unbind.

Memory management and IOMMU subsystems saw several fixes. CVE-2026-53283 in iommu/amd adds bounds-checking for devid in __rlookup_amd_iommu(). CVE-2026-53310 in soc/tegra: cbb fixes a cross-fabric target timeout lookup. CVE-2026-53314 in padata ensures the CPU offline callback is in the ONLINE section to allow failure. CVE-2026-53312 in iommu/riscv removes overflows on the invalidation path. CVE-2026-53284 in btrfs ensures dirty pages are released only after successful writes. CVE-2026-53203 in f2fs protects extension_list reading with sb_lock.

Other notable fixes include CVE-2026-53288 for arm64 to reserve an extra page for early kernel mapping, CVE-2026-53296 and CVE-2026-53295 in the mailbox subsystem to free channels on probe error and add sanity checks, CVE-2026-53311 for fuse to fix an uninitialized value, CVE-2026-53307 in pinctrl to fully validate the 'pinmux' property, and CVE-2026-53278 in arm_mpam to check if the config array is allocated before destroying it. CVE-2026-53282 in x86/kexec ensures the kjump return address is pushed even for non-kjump kexec.

All reported vulnerabilities have been resolved in the Linux kernel. Users are advised to update to the latest kernel versions to incorporate these fixes. The timely disclosure and resolution of these issues highlight the ongoing efforts to maintain the security and stability of the Linux kernel.

Vypr Intelligence reported on a subset of these vulnerabilities, noting that they affect networking, graphics, and crypto, and include null pointer dereferences, hangs, and incorrect memory handling. They confirmed that all reported vulnerabilities have been resolved.

AI-written article. Grounded in 26 CVE records listed below.